Crypto and phishing – how criminals are cashing in

Egress | 18th Aug 2022

Over the past several years, crypto has become increasingly mainstream. Research has predicted that by the end of 2022, the number of US adults who own at least one cryptocurrency will increase by 19% to 33.7 million. This equates to 12.8% of the population.

Naturally, cybercriminals have quickly learned how to cash in on this popularity. A report by the Federal Trade Commission (FTC) revealed that since the start of 2021, over 46,000 people had lost a total of over $1 billion due to crypto scams, with a median reported loss of $2,600.

One of the key ways that criminals are exploiting people and cashing in is through phishing scams. 

The rise of crypto phishing scams 

Typically, crypto phishing scams target information relating to online wallets. Each digital wallet comes with one unique private key. This key can only be updated if the user creates a new wallet. 

Scammers steal these keys by sending emails to lure people to websites requesting private key information. They then use this information to access the wallets and steal cryptocurrency. Once a user has been locked out of their wallet, there is typically very little that they can do to regain access. 

Below, we have included a list of some of the most common crypto phishing scams:

Spear phishing

Spear phishing is a targeted attack that focuses on a specific individual. It is typically designed to trick them into revealing sensitive information such as their account credentials or financial information. As a result, attackers may focus on high-ranking individuals or people involved in confidential operations within an organization. 

In June 2022, a hacker sent over 50,000 phishing emails from a malicious Zendesk account. As part of their phishing campaign, they impersonated TrustWallet, a crypto wallet designed to send, receive, and store cryptocurrencies and NFTs. These emails redirected users to a TrustWallet phishing page and convinced them to reveal their recovery phrases, giving criminals access to their accounts. 

Phishing bots

Phishing bots are automated tools used to steal users' seed phrases and to capture the one-time codes used for two-factor authentication (2FA). 

In February 2022, CNBC reported that cybercriminals were going after users' one-time passwords using Telegram-powered bots. One Coinbase customer, Dr. Anders Apgar, said that his account had a balance of more than $100,000 in crypto when it was hacked during a robocall.

After receiving a notification telling him that his account was in jeopardy, Apgar's phone began to buzz incessantly. Panicked, he answered one of the calls. He can't remember whether he manually entered his 2FA code or if it popped up on his screen. Within a few minutes, he was locked out of his account and never regained access. 

DNS hijacking

DNS hijacking is when cybercriminals tamper with a website's DNS records so that visitors to the authentic address are sent to a fake interface instead. It is often particularly difficult to spot, and it is not prevented by 2FA. This is because the code you enter into the hackers' website will be forwarded to the actual site, granting them access to your bank account. 

In July 2022, attackers targeted two remote procedure call (RPC) interfaces for the Polygon and Fantom blockchains via a DNS hijack. Mudit Gupta, Polygon's chief information security officer, told Coindesk, "no funds lost as far as we know, but we are still investigating." 

To avoid losing your crypto assets to DNS hijacking, you can use a hardware wallet and a VPN to ensure that the information you enter is being passed through an encrypted channel. 

Fake browser extensions

Browser extensions such as MetaMask, Nifty Scanner, and Coinstats allow users to interact with decentralized applications through their browser, verify NFT assets, and track their portfolios. 

The rise in popularity of these extensions has led to cybercriminals creating their own fake browser extensions to dupe users and steal their assets. 

In March 2020, fake "Ledger Live" Google Chrome extensions stole over 1.4 million XRP by collecting user backup passphrases. To appear more authentic, the cybercriminals paid for Google Ads so that the extensions would appear on the Google search results page. 

Staying safe from crypto phishing scams 

Even some of the most seasoned security experts can fall victim to phishing scams. The attacks are becoming increasingly sophisticated, and they're getting more difficult to spot. 

It is important to remain vigilant by avoiding promises of free money or huge profits, checking URLs and social media posts carefully for typing errors, and staying alert for any hints of blackmail or extortion. If it seems too good to be true, then it probably is. 
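
The URL check described above can be partly automated before a link is opened. The following is an added example, not code from the original article: it flags links whose hostname is a near-miss of, or borrows the brand name of, wallet services mentioned in this article. The allowlist of official domains, the typo threshold, and the "last two labels" shortcut for finding the registered domain are assumptions to adapt.

```python
from urllib.parse import urlsplit

# Assumed allowlist: official domains of brands named in the article.
OFFICIAL = ("trustwallet.com", "metamask.io", "ledger.com", "coinbase.com")
MAX_TYPOS = 2  # assumed threshold; tune against your own false-positive rate

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return official, idn, lookalike:<domain>, brand-abuse:<brand>, unknown or invalid."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host or "." not in host:
        return "invalid"
    labels = host.split(".")
    # Homoglyph hosts (e.g. a Cyrillic letter) arrive as raw Unicode or punycode.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "idn"
    domain = ".".join(labels[-2:])  # simplification: no Public Suffix List
    if domain in OFFICIAL:
        return "official"
    for good in OFFICIAL:
        brand = good.split(".")[0]
        if edit_distance(domain, good) <= MAX_TYPOS:
            return f"lookalike:{good}"
        # Brand used as a subdomain or inside a hyphenated name.
        if brand in host.replace("-", ""):
            return f"brand-abuse:{brand}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs; .example is a reserved TLD.
    for u in ("https://trustwallet.com/", "https://trustwal1et.com/login",
              "https://metamask.io.wallet-verify.example/",
              "https://ledger-live-support.example/restore"):
        print(f"{classify(u):28} {u}")
```

A verdict of "unknown" only means the hostname resembles none of the listed brands; it does not mean the link is safe.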
